Network Operations
This activity list applies to all network devices (routers, switches, wireless access points, firewalls and other network services). The objective of these activities is to secure the organization's internal network, network connections and resources against intrusion, and to provide and maintain the security of its infrastructure and data. This policy therefore provides guidelines to ensure the availability and reliability of network devices for safe and secure connections to information assets.
| Category | Sub-Category | Name | Activity |
|---|---|---|---|
| Network Operations | Perimeter Security | Network Policy Enforcement Points | Network traffic to and from untrusted networks passes through a policy enforcement point; firewall rules are established in accordance with identified security requirements and business justifications. |
| Network Operations | Perimeter Security | Inbound and Outbound Network Traffic: DMZ | Network traffic to and from untrusted networks passes through a Demilitarized Zone (DMZ). |
| Network Operations | Perimeter Security | Ingress and Egress Points | [The organization] maintains an inventory of ingress and egress points on the production network and performs the following for each: |
| Network Operations | Perimeter Security | Non-disclosure of Routing Information | [The organization] does not disclose private IP addresses and routing information to unauthorized parties. |
| Network Operations | Perimeter Security | Dynamic Packet Filtering | Where applicable, [the organization] enables dynamic packet filtering on the network. |
| Network Operations | Perimeter Security | Firewall Rule Set Review | Network infrastructure rule sets are reviewed [in accordance with the organization-defined frequency]. |
| Network Operations | Perimeter Security | Trusted Connections | All trusted connections are documented and approved by authorized personnel; management ensures the following documentation is in place prior to approval: |
| Network Operations | Network Segmentation | Network Segmentation | Production environments are logically segregated from non-production environments. |
| Network Operations | Network Segmentation | Card Processing Environment Segmentation | Where applicable, [the organization] segregates the Personal Account Number (PAN) infrastructure, including payment card collection devices; [the organization] limits access to the segregated environment to authorized personnel. |
| Network Operations | Wireless Security | Disable Rogue Wireless Access Points | [The organization] employs mechanisms to detect and disable the use of unauthorized wireless access points. |
| Network Operations | Wireless Security | Wireless Access Points | [The organization] maintains an inventory of authorized wireless access points, including a documented business justification for each. |
| Network Operations | Wireless Security | Rogue Wireless Access Point Mapping | [In accordance with the organization-defined frequency], [the organization] performs an access point mapping exercise to identify and remove unauthorized wireless access points. |
| Network Operations | Wireless Security | Authentication: Wireless Access Points | [The organization] restricts access to network services via wireless access points to authenticated users and services; approved wireless encryption protocols are required for wireless connections. |